CISSP PRACTICE QUESTIONS – 20210511

Effective CISSP Questions

There exist many perspectives of Zero Trust. Which of the following is correct? (Wentz QOTD)
A. Zero Trust adoption uses the big bang strategy.
B. Zero Trust networks may coexist with legacy networks isolated by firewalls.
C. Zero Trust prevents lateral movement through the castle-and-moat architecture.
D. Zero Trust, aka perimeterless security, doesn’t define any forms of the perimeter.

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Zero Trust networks may coexist with legacy networks isolated by firewalls.

Evolvement of Zero Trust Concepts

I define Zero Trust as a new cybersecurity paradigm for access control that is data-centric, fine-grained, and dynamic, and that provides visibility.

The beauty of Zero Trust lies in its incremental implementation. Organizations can retain their legacy networks and gradually invest in and migrate to Zero Trust. Even if big bang adoption is possible, it is too radical.

Castle and Moat

Even though various perspectives of Zero Trust exist, their greatest common factor is that they do not rely on physical network location or perimeter. Firewall-isolated zones, such as the internal network and the DMZ, are typical examples of a physical network perimeter; this design is also known as the castle-and-moat architecture.

Software-defined Perimeter

In a Zero Trust architecture, resources of interest or concern are grouped or segmented using a software-defined or virtual perimeter, which may entail next-generation firewalls.



2 thoughts on “CISSP PRACTICE QUESTIONS – 20210511”

    • Perimeterless refers to the removal of the physical perimeter of networks. Zero Trust doesn’t rely on a physical network perimeter but on a software-defined or virtual perimeter.
